
378 matches found

RedHat Linux
added 2016/12/15 10:11 p.m. | 4 views

openssl: Crash in ssleay_rand_bytes due to locking regression

A regression was found in the ssleay_rand_bytes() function in the versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7. This regression could cause a multi-threaded application to crash...

4.3 CVSS | 7.1 AI score | 0.01559 EPSS
Exploits 0 | References 4
OpenVAS
added 2016/11/18 12:00 a.m. | 27 views

Apache Struts 1.x - 1.3.10 Multiple Vulnerabilities - Windows

Apache Struts is prone to multiple vulnerabilities.

8.2 CVSS | 8.3 AI score | 0.69459 EPSS
Exploits 0 | References 6
OSV
added 2016/10/23 10:32 a.m. | 6 views

MGASA-2016-0354 Updated guile packages fix security vulnerability

The ‘mkdir’ procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process’ umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions (CVE-2016-8605). GNU Guile, an...

9.8 CVSS | 6.7 AI score | 0.0034 EPSS
Exploits 0 | References 5
OSV
added 2016/10/18 12:00 a.m. | 19 views

DLA-666-1 guile-2.0 - security update

Bulletin has no description...

9.8 CVSS | 6.6 AI score | 0.0034 EPSS
Exploits 0
ArchLinux
added 2016/10/16 12:00 a.m. | 31 views

[ASA-201610-10] guile: multiple issues

Arch Linux Security Advisory ASA-201610-10
Severity: High
Date: 2016-10-16
CVE-ID: CVE-2016-8605 CVE-2016-8606
Package: guile
Type: multiple issues
Remote: Yes
Link: https://wiki.archlinux.org/index.php/CVE
Summary: The package guile before...

9.8 CVSS | 0.6 AI score | 0.0034 EPSS
Exploits 0 | References 6
FreeBSD
added 2016/10/12 12:00 a.m. | 28 views

guile2 -- multiple vulnerabilities

Ludovic Courtès reports: The REPL server is vulnerable to the HTTP inter-protocol attack. The ‘mkdir’ procedure of GNU Guile, an implementation of the Scheme programming language, temporarily changed the process’ umask to zero. During that time window, in a multithreaded application, other threads...

0.1 AI score
Exploits 0 | References 2
n0where
added 2016/09/04 9:21 p.m. | 39 views

Usermode Archive Sandbox: ZipJail

ZipJail is a usermode sandbox for unpacking archives using the unzip, rar, 7z, and unace utilities. Through the use of the tracy library it limits the attack surfaces to an absolute minimum in case a malicious archive tries to exploit known or unknown vulnerabilities i...

0.7 AI score
Exploits 0 | References 1
OSV
added 2016/07/04 10:59 p.m. | 9 views

CVE-2016-1181

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899...

8.1 CVSS | 8.2 AI score | 0.10742 EPSS
Exploits 0 | References 21
ThreatPost
added 2016/01/27 11:00 a.m. | 31 views

Cisco MiniUPnP Stack Smashing Protection Attack

The Internet of Things security challenge is twofold: finding bugs, and more urgent—fixing them. Cisco’s Talos security intelligence and research group found and privately disclosed a serious and trivially exploitable client-side bug in MiniUPnP that was patched in September of last year. The...

6.8 CVSS | 9.4 AI score | 0.03228 EPSS
Exploits 1 | References 4
Kitploit
added 2016/01/22 10:30 p.m. | 270 views

Dnstwist - Domain Name Permutation Engine For Detecting Typo Squatting, Phishing And Corporate Espionage

See what sort of trouble users can get in trying to type your domain name. Find similar-looking domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud and corporate espionage. Useful as an additional source of targeted threat intelligence. The idea is...

6.3 AI score
Exploits 0 | References 2
Kitploit
added 2015/12/06 10:51 p.m. | 16 views

Waldo - Multithreaded Directory and Subdomain Bruteforcer

Waldo is a lightweight and multithreaded directory and subdomain bruteforcer implemented in Python. It can be used to locate hidden web resources and undiscovered subdomains of the specified target. Key Features: Quickly and easily generate a list of all subdomains of target domain. Discover hidden...

7.4 AI score
Exploits 0 | References 2
RedHat Linux
added 2015/06/15 8:48 p.m. | 2 views

openssl: Crash in ssleay_rand_bytes due to locking regression

A regression was found in the ssleay_rand_bytes() function in the versions of OpenSSL shipped with Red Hat Enterprise Linux 6 and 7. This regression could cause a multi-threaded application to crash...

4.3 CVSS | 7.1 AI score | 0.01559 EPSS
Exploits 0 | References 4
Kitploit
added 2015/04/04 11:20 p.m. | 32 views

Woodpecker hash Bruteforce - Multithreaded program to perform a brute-force attack against a hash

Woodpecker hash Bruteforce is a fast and easy-to-use multithreaded program to perform a brute-force attack against a hash. It supports many common hashing algorithms such as md5, sha1, etc. It runs on Windows and Mac OS. You can use dictionary, alphabet-based or random bruteforce. Here you can...

7.3 AI score
Exploits 0
Kitploit
added 2015/03/10 2:53 a.m. | 14 views

Zer0 - Secured file deletion made easy

Zer0 is a user-friendly file deletion tool with a high level of security. With Zer0, you'll be able to delete files and to prevent file recovery by a 3rd person. So far, no user reported an efficient method to recover a file deleted by Zer0. Features: User-friendly HMI: Drag'n'drop, 1 click and t...

7.2 AI score
Exploits 0
Kitploit
added 2015/02/07 8:01 p.m. | 13 views

Dirs3arch v0.3.0 - HTTP(S) Directory/File Brute Forcer

dirs3arch is a simple command line tool designed to brute force hidden directories and files in websites. It's written in Python 3 and all third-party libraries are included. Operating systems supported: Windows XP/7/8, GNU/Linux, MacOSX. Features: Multithreaded; Keep alive connections; Support for...

7.6 AI score
Exploits 0 | References 1
OpenVAS
added 2015/01/23 12:00 a.m. | 52 views

Juniper Networks Junos OS SSL Session Injection Vulnerability

Junos OS is prone to an OpenSSL session injection and denial of service vulnerability.

4 CVSS | 7.2 AI score | 0.15758 EPSS
Exploits 0 | References 2
exploitpack
added 2015/01/04 5:23 p.m. | 12 views

Apache-+-PHP-5.x

quick'n'dirty VERY UGLYY C=000DEEE IZ N0T MY STYLE : - for connect back shell start netcat/nc and bind port on given host:port - is ip-range scanner not is multithreaded, but iz multithreaded iz in random scanner and is scanner from file greets to MustLive - no ssl support - more php paths can be...

0.5 AI score
Exploits 0
Tenable Nessus
added 2014/09/10 12:00 a.m. | 42 views

AIX OpenSSL Advisory : openssl_advisory10.asc

The version of OpenSSL installed on the remote host is affected by the following vulnerabilities:
- A memory double-free error exists related to handling DTLS packets that allows denial of service attacks. (CVE-2014-3505)
- An unspecified error exists related to handling DTLS handshake messages th...

7.5 CVSS | 6.8 AI score | 0.66025 EPSS
Exploits 0 | References 12
RedHat Linux
added 2014/08/13 9:32 p.m. | 2 views

openssl: race condition in ssl_parse_serverhello_tlsext

A race condition was found in the way OpenSSL handled ServerHello messages with an included Supported EC Point Format extension. A malicious server could possibly use this flaw to cause a multi-threaded TLS/SSL client using OpenSSL to write into freed memory, causing the client to crash or execut...

6.8 CVSS | 6.9 AI score | 0.12974 EPSS
Exploits 0 | References 5
OpenSSL
added 2014/08/06 12:00 a.m. | 36 views

Vulnerability in OpenSSL - Race condition in ssl_parse_serverhello_tlsext

A race condition was found in ssl_parse_serverhello_tlsext. If a multithreaded client connects to a malicious server using a resumed session and the server sends an ec point format extension, it could write up to 255 bytes to freed memory. Found by Gabor Tyukasz (LogMeIn Inc)...

5.7 AI score | 0.12974 EPSS
Exploits 0 | Affected Software 1